Identify

Identity

Demo · green

Non-human identity, finally held to account.

Binds every agent action to the identity your IdP already issued — Okta ID-JAG, SPIFFE/SPIRE — and proves what that identity did. Revoke the grant and every past action under it turns RED, re-derived offline from a signed status list, with no call back to the issuer. Demonstrated on a live Okta dev tenant.

refund-incident-1947.lnrlive
record
refund-incident-1947
root
sha256:54bc0655abbf
planes
approval code conformance data knowledge policy run  (7)
signer
ed25519 · keyid d2f381d7b0b5
  • runstep 9 — refunded an already-delivered orderproven
  • knowledgeretrieved doc-1 — a stale refund-policy docproven
  • policyrefund-limit rule evaluated → allowproven
  • data→causesuspected-cause (uncounted)asserted · uncounted
VERIFIEDoffline · engine absentnet requests: 0

Verified offline. 3 proven planes, 1 asserted and uncounted. 0 network requests.

Every product emits Kernel-shape receipts; one verifier checks them all.

It rides your IAM

It binds to your IdP — it doesn’t replace it

Your identity provider already issues the grants — Okta ID-JAG, SPIFFE / SPIRE. ByteVerity doesn’t stand up a parallel identity system; it binds every agent action to the identity your IdP already issued, and proves what that identity did.

Revoke the grant and every past action under it turns RED — re-derived offline from a signed status list, with no call back to the issuer. The agent’s whole history fails closed, provably, with the issuer and every engine absent.

Honest scope

Identity binds to Okta ID-JAG / SPIRE, demonstrated on a live Okta dev tenant — bind an agent to an issued grant, revoke it, and watch its past actions re-derive RED offline.

  • No one-click Okta integration — binding is demonstrated, not turnkey.
  • We do not claim token-signature verification; revocation re-derives from a signed status list.